On Fri, 03 Nov 2006 08:22:28 -0800, Alexander Lind <[EMAIL PROTECTED]>
wrote:
>Thanks, I do stand corrected.
>
>Next time I spec out firewalls, I will keep your arguments in mind for
>sure, they do make a lot of sense.
>
>Alec
Corrected? -I think a much better way to look at is your perspective h
Thanks, I do stand corrected.
Next time I spec out firewalls, I will keep your arguments in mind for
sure, they do make a lot of sense.
Alec
J.C. Roberts wrote:
> On Thu, 02 Nov 2006 22:03:05 -0800, Alexander Lind <[EMAIL PROTECTED]>
> wrote:
>
>
>>> RAID, kiddo.
>>> It's more complex. It is
On Fri, 3 Nov 2006 11:04:03 +0100, ropers wrote:
>Repeat after me:
>"Complexity is the worst enemy of security. Secure systems should be
>cut to the bone and made as simple as possible. There is no substitute
>for simplicity." (Schneier)
>
>RAID is wonderful in theory.
>But it ain't so easy to esc
On 03/11/06, Alexander Lind <[EMAIL PROTECTED]> wrote:
>> what complexity?
>>
>
> RAID, kiddo.
> It's more complex. It is something else that can go wrong.
> And...it DOES go wrong. Either believe me now, or wish you believed me
> later. Your call. I spent a lot of time profiting from people
On Thu, 02 Nov 2006 22:03:05 -0800, Alexander Lind <[EMAIL PROTECTED]>
wrote:
>> RAID, kiddo.
>> It's more complex. It is something else that can go wrong.
>> And...it DOES go wrong. Either believe me now, or wish you believed me
>> later. Your call. I spent a lot of time profiting from people
>> what complexity?
>>
>
> RAID, kiddo.
> It's more complex. It is something else that can go wrong.
> And...it DOES go wrong. Either believe me now, or wish you believed me
> later. Your call. I spent a lot of time profiting from people who
> ignored my advice. :)
>
Of course raid are
Alexander Lind wrote:
>> As for RAID on a firewall, uh...no, all things considered, I'd rather
>> AVOID that, actually. Between added complexity,
> what complexity?
RAID, kiddo.
It's more complex. It is something else that can go wrong.
And...it DOES go wrong. Either believe me now, or wish you
Ingo Schwarze wrote:
> Perhaps you missed that Nick was talking about a pair of carp'ed
> firewalls. Failure of one machine means *no* downtime. Besides,
> firewalls rarely need to store any valuable data, almost by definition.
>
I'm not saying that digging up parts and building a couple of ma
Perhaps you missed that Nick was talking about a pair of carp'ed
firewalls. Failure of one machine means *no* downtime. Besides,
firewalls rarely need to store any valuable data, almost by definition.
Alexander Lind wrote on Thu, Nov 02, 2006 at 05:27:00PM -0800:
> Now you're talking crazy.
Th
> As for RAID on a firewall, uh...no, all things considered, I'd rather
> AVOID that, actually. Between added complexity,
what complexity?
> added boot time, and
> disks that can't be used without the RAID controller,
why would you want to use your disk WITHOUT the raid controller?
> it is a maj
Paolo Supino wrote:
> Hi Alexander
>
>I completely agree with you and in the long run it will happen, but
> getting a second machine is beyond my budget for the next couple of months.
Then, you should go grab a couple OLD machines, and build your firewall
with them. You probably won't be im
Hello Paolo
Then at least make sure you get a machine with a backup psu and raid. If
downtime is expensive (and it tends to be for most companies) you want
to make sure that your assets are covered when the hw fails :)
Alec
Paolo Supino wrote:
> Hi Alexander
>
> I completely agree with you and
>> Also consider putting some extra cash down on a hw raid controller, and
>> 2 scsi disks for each machine, and run raid 1 on them, for even more
>> failover safety.
>>
>
> but that doubles the cost of the machine and makes for a more complex
> system - if that type of money is available, the
Hi Alexander
I completely agree with you and in the long run it will happen, but
getting a second machine is beyond my budget for the next couple of months.
TIA
Paolo
Alexander Lind wrote:
I don't think the celeron CPU will have any problems coping with that.
Consider getting two
On 2006/11/02 13:36, Alexander Lind wrote:
> Consider getting two of the machines and CARPing them, for redundancy
agreed, it makes servicing, upgrades and fault diagnosis much simpler.
> Also consider putting some extra cash down on a hw raid controller, and
> 2 scsi disks for each machine, and
Hi K Kadow
The NIDS would be snort.
TIA
Paolo
K Kadow wrote:
On 11/2/06, Paolo Supino <[EMAIL PROTECTED]> wrote:
I'm in the process of configuring a Dell PowerEdge 860 as firewall and
I debating what kind of CPU to get for the firewall for an office of
about 50 people, 20MB metro eth
Paolo,
Celerons will work fine, but in the interests of long term capacity
planning, I would recommend going with the low end Dual Core Xeon.
Regards,
Mike Lockhart
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Lockhart[Systems Engineering & Operations]
StayOnline, Inc
h
I would go with option number 2 :)
The NIDS will probably be the most cpu/memory intensive, and if your
running snort or something like that, be sure to get plenty of memory
( eg, over a gig ).
Cheers,
Josh
On Thu, 2006-11-02 at 15:38 -0500, Paolo Supino wrote:
> Hi
>
> I'm in the proce
On 11/2/06, Paolo Supino <[EMAIL PROTECTED]> wrote:
I'm in the process of configuring a Dell PowerEdge 860 as firewall and
I debating what kind of CPU to get for the firewall for an office of
about 50 people, 20MB metro ethernet, and 15 lightly used Internet
servers: FTP, web, DNS, email, NTP,
I don't think the celeron CPU will have any problems coping with that.
Consider getting two of the machines and CARPing them, for redundancy
and load balancing (not that you will likely really need that).
Also consider putting some extra cash down on a hw raid controller, and
2 scsi disks for each
20 matches
Mail list logo
